Determining OS version from an evidence image

One of the first steps an examiner will need to carry out once they have an evidence image is log system metadata, including OS version and patch level. This may be of particular importance if the image in question is from a machine that is suspected of having been compromised.